Risk Analyst, Trust & Safety (Access Function)

RM&I works constantly to identify strategic priorities, opportunities, and pain points in the organization's risk management landscape, providing data-based insights and business-centric solutions. Together with cross-functional stakeholders and partners, we build greater efficacy and consistency in T&S's risk management capabilities, and promote global synergy whilst enabling localized decision-making.

Responsibilities:
- [Access Controls & Governance] Assist in monitoring and enhancing access management frameworks by supporting the governance of user entitlements, privileged access, and authentication controls, through regular reviews and utilise data analytics and visualisation for continuous auditing. Contribute to implementing proactive measures to mitigate risks related to unauthorized access and insider threats, ensure ongoing compliance with enterprise policies and data security requirements, and audit-/assurance-readiness. Help promote risk awareness through regular communication with business leaders and frontline employees.
- [Third-Party / BPO Supply Chain Risk Management] Support the governance of risk controls for outsourced operations, BPO engagements, and third-party partnerships. Leverage innovative and automated tools to stay ahead of emerging risks and trends in the BPO landscape, enhancing risk assessment and risk rating methodologies for continued relevance. Assist in conducting BPO risk assessments, reporting on findings, and maintaining due diligence processes. Monitor contractual risk controls to ensure third-party compliance with security, data protection, and operational resilience requirements. Support the development and delivery of BPO risk champion training programs to enhance the risk management capabilities of internal frontline partner management teams.
- [Data Protection, Privacy & Confidentiality] Contribute to the implementation of initiatives to safeguard data privacy and confidentiality, ensuring that security-by-design principles are incorporated into operational policies and processes. Help monitor compliance with global data protection regulations and identify risks related to data access, processing, storage, and transfer.
- [Reporting & Communication] Assist in preparing risk assessment reports, compliance status and risk register updates, and key risk indicators (KRIs) for senior management and stakeholders. Communicate risk findings effectively, translating technical information into easily understandable reports for cross-functional teams.
- [Collaboration & Partnerships] Support collaborative efforts with internal teams (e.g., Legal, Regulatory Compliance, Information Security, Ethics Office, Internal Audit, Data Protection and Privacy, Engineering, Product) to execute risk-control assessments and assist with compliance projects. Contribute to research on emerging risks by leveraging AI capabilities and analytics, providing insights to refine internal controls and enhance risk management processes.

Qualifications

Minimum Qualifications:
- Bachelor's degree or above in information security, risk management, engineering, computer and/or data science or any other discipline that combines structured and systematic thinking with user-centric solution-design. A relevant professional certification (e.g., CRISC, CISM, CISSP, CISA) is highly desirable.
- Minimum of 5 years of experience working across one or more of the following disciplines: enterprise/operational risk management, regulatory compliance, internal/external audit, third-party and vendor risk management, cybersecurity, internal controls and risk optimization or related areas - preferably in global, fast-growing, and highly regulated industries. Experience in content moderation, customer support, or online safety within a Trust & Safety or online platform environment is highly preferred.
- Strong understanding of risk assessment methodologies, including qualitative and quantitative techniques. Experience in developing and implementing risk frameworks and taxonomies within a Trust & Safety environment is highly preferred.
- Deep knowledge of relevant regulations and compliance requirements related to online safety and data privacy (e.g., GDPR, CCPA, AI Risk Governance)
- Excellent program management, communication, and interpersonal skills, with the ability to clearly communicate complex technical and risk issues to a non-technical audience, and execute at consistently high standards within exacting timeframes.
- Proficiency in data extraction and analysis tools (e.g., SQL, Python, R)
- High level of risk awareness, agile mindset and strong sense of ownership and professionalism.

Preferred Qualifications:
- Direct exposure to key industry regulations or legislation such as the Digital Services Act, Digital Markets Act, GDPR, AI Act, etc.
- Experience with data analytics, machine learning, conversational and/or generative AI technologies would be a plus.
- A keen interest in observing emerging social, behavioural and industry trends that could affect how users interact with our platform, and how internal policies and processes could be optimized in response.